CVE-2021-23283

Security issues in Eaton Intelligent Power Protector (IPP)

CVSS 5.2 MEDIUMEPSS 0.5%CWE-79

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Productos afectados

Eaton · Eaton Intelligent Power Protector (IPP)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf